[Python-checkins] r53543 - in python/branches/bcannon-objcap: BRANCHNEWS Lib/codecs.py Python/pythonrun.c

[brett.cannon]

Author: brett.cannon
Date: Wed Jan 24 19:49:35 2007
New Revision: 53543

Modified:
   python/branches/bcannon-objcap/BRANCHNEWS
   python/branches/bcannon-objcap/Lib/codecs.py
   python/branches/bcannon-objcap/Python/pythonrun.c
Log:
Make codecs module safe by changing sys import to only import exactly what it
needs (byteorder).  This prevents a reference to the sys module from slipping
past.

The warnings module is still unsafe as it uses sys._getframe.


Modified: python/branches/bcannon-objcap/BRANCHNEWS
==============================================================================
--- python/branches/bcannon-objcap/BRANCHNEWS	(original)
+++ python/branches/bcannon-objcap/BRANCHNEWS	Wed Jan 24 19:49:35 2007
@@ -51,4 +51,7 @@
 Library
 -------
 
+* Change the codecs module so that it does not import the entire sys module and
+  thus hold a reference to it.
+
 * rev. 53333: External definition of importlib (from the sandbox) added.

Modified: python/branches/bcannon-objcap/Lib/codecs.py
==============================================================================
--- python/branches/bcannon-objcap/Lib/codecs.py	(original)
+++ python/branches/bcannon-objcap/Lib/codecs.py	Wed Jan 24 19:49:35 2007
@@ -7,7 +7,8 @@
 
 """#"
 
-import __builtin__, sys
+import __builtin__
+from sys import byteorder
 
 ### Registry and builtin stateless codec functions
 
@@ -47,7 +48,7 @@
 # UTF-32, big endian
 BOM_UTF32_BE = '\x00\x00\xfe\xff'
 
-if sys.byteorder == 'little':
+if byteorder == 'little':
 
     # UTF-16, native endianness
     BOM = BOM_UTF16 = BOM_UTF16_LE
@@ -1022,13 +1023,3 @@
 _false = 0
 if _false:
     import encodings
-
-### Tests
-
-if __name__ == '__main__':
-
-    # Make stdout translate Latin-1 output into UTF-8 output
-    sys.stdout = EncodedFile(sys.stdout, 'latin-1', 'utf-8')
-
-    # Have stdin translate Latin-1 input into UTF-8 input
-    sys.stdin = EncodedFile(sys.stdin, 'utf-8', 'latin-1')

Modified: python/branches/bcannon-objcap/Python/pythonrun.c
==============================================================================
--- python/branches/bcannon-objcap/Python/pythonrun.c	(original)
+++ python/branches/bcannon-objcap/Python/pythonrun.c	Wed Jan 24 19:49:35 2007
@@ -344,7 +344,29 @@
 			PyDict_GetItemString(interp->sysdict,
 				"import_delegate"));
 
-	/* Clear out sys.modules (sans some key modules). */
+	/* Clear out sys.modules.
+	   Some modules must be kept around (at least for now; **XXX need to do
+	   a security audit of each one!):
+
+	   * __builtin__
+	       Lose this and Python will not run.
+	   * __main__
+	       Current scope of execution.
+	   * exceptions
+	       Safe to keep around.
+	   * sys
+	       Certain values set during Python initialization that are lost
+	       when the module is deleted and then re-imported.
+	   * encodings
+	       Does dynamic import of encodings which requires globals() to
+	       work; globals() fails when the module has been deleted.
+	   * encodings.utf_8
+	       Many encodings use this.
+	   * codecs
+	       Incremental codecs fail.
+	   * warnings
+	       Warnings reset otherwise.
+	 */
 	module_names_list = PyDict_Keys(interp->modules);
 	module_count = PyList_GET_SIZE(module_names_list);
 	for (x=0; x < module_count; x+=1) {
@@ -355,7 +377,10 @@
 			(strcmp(module_name, "exceptions") != 0) &&
 			(strcmp(module_name, "__main__") != 0) &&
 			(strcmp(module_name, "sys") != 0) &&
-			(strcmp(module_name, "encodings") != 0)) {
+			(strcmp(module_name, "encodings") != 0) &&
+			(strcmp(module_name, "encodings.utf_8") != 0) &&
+			(strcmp(module_name, "codecs") != 0) &&
+			(strcmp(module_name, "warnings") != 0)) {
 			PyDict_DelItemString(interp->modules, module_name);
 		}
 	}